1 10243 sophos web security buyer guide wpna
8/6/2019 1 10243 Sophos Web Security Buyer Guide Wpna
Web security buyer's guide

Web interactivity increasingly relies on user- and third-party-generated content built on rich backend database systems,
which are easily exploited. This has created a breeding ground for the distribution of malware, even among the most
trusted and popular web sites and applications. This dramatic change in the nature of web threats has rendered
traditional web filtering technology completely ineffective. Simply blocking access to sites that may host malware is no
longer a viable solution as that would now include each and every site on the net.

With the web now a mission-critical tool in most organizations' day-to-day activities, it's critical to equip yourself with a
security solution that enables the users to be productive, while also providing the security essential to ensure a risk-free
experience.

Organizations looking for protection against modern web threats need a solution that demonstrates security attributes
that combine powerful application, site and content controls with proactive malware detection. In today's economy,
best-of-breed security must also embrace low-impact, effective administration enabling organizations to do more with
less. At the same time, the solution must meet end-user expectations and requirements for speed, efficiency, and open
access to the tools and sites they need. Solutions which fail to meet these demands for security, control, performance,
value and accessibility will ultimately fail the organization.
Introduction

The web is now the number one vector of attack for cybercriminals, with a newly infected web site discovered every few seconds. Hijacked trusted sites, poisoned search results, fake AV, and phishing sites are all finding their way into our browsers at an alarming rate. As a result, Internet access creates a dilemma for you: on the one hand, the risks presented by allowing unfettered access to the web are enormous, yet the Internet is undeniably becoming a mission-critical business tool. Social networking sites, blogs, forums and media portals have all become important instruments for employee recruitment, viral marketing, public relations, customer interaction, and research. They cannot be blocked without seriously impacting business productivity and effectiveness.

A new approach to web security and control is required that fully supports the needs of businesses, equipping users with the tools they need to be more effective while eliminating the associated risks of potential infection from trusted legitimate sites. In addition to good preventive practices, such as rigorous patching and educating users about the risks of browsing, it is vital that organizations implement a comprehensive web security and control solution.
Web Security and Control Overview

Security and Control Components:
- Application control
- Productivity and reputation filtering
- Proxy filtering
- Real-time malware filtering
- HTTPS filtering
- Content-based filtering
- Data loss prevention

In addition to best-of-breed security, the solution must also fit seamlessly into your organization.

Deployment, Management, and Vendor Capabilities:
- Low-impact end-user experience
- Flexible easy deployment
- Minimal administrative burden
- Intuitive management console
- Rich dashboard and reporting
- World-class vendor services and support

Finally, the solution must be affordable, providing maximum value for your investment.

The rest of this document is dedicated to articulating the key components of an effective web security and control solution.

Application Control

Web application control is not just about productivity: it's an important foundational layer to an effective web protection strategy.

Most web malware utilizes commercially available exploit packs that contain dozens of different vulnerability testers, redirectors, and actual exploit code that attempt to test for and exploit a myriad of vulnerabilities that exist in applications on the user's system. These kits are designed specifically to prey on users who aren't diligent in keeping their software and operating system patches up to date. It's therefore critical to not only keep your applications patched and up-to-date, but also minimize and limit the number of web applications in your environment to an absolute lowest common denominator standard set of business related programs and tools.

Unfortunately, traditional application controls at the gateway rely on port or packet inspection to identify and control instant messaging, peer-to-peer and other non-browser web applications. The problem with this approach is that it doesn't prevent these applications from being installed and ultimately exploited. This is where a security suite that integrates both endpoint and web protection together can offer enormous benefits, by controlling unwanted applications on the desktop, before they can become exploited and infected.
URL and reputation filtering

Traditional URL filters rely on vast, regularly updated databases of sites classified into different categories for the purposes of controlling productivity and enforcing acceptable use policy. URL filtering was once considered an acceptable web security solution, but the presence of web malware has shifted dramatically from dodgy porn and gambling sites to much more popular mainstream websites across all categories. So while URL filtering plays an important role in optimizing network performance and staff productivity by blocking access to illegal, inappropriate, or non-business-critical web content, it is not an effective security solution against modern threats to hijacked trusted sites.

Reputation-based filters are designed to augment URL filtering and act as the first critical component in the fight against modern web-based threats. They prevent access to a continuously growing catalog of sites across all categories that are known to be currently infected or have hosted malware or other unwanted content in the past, by filtering URLs based on their reputation as good or bad. Reputation filtering is now considered a proven and essential tool for successfully protecting against already known web-based threats across all site categories.

Proxy filtering

Anonymizing proxies are specially designed sites that enable users to browse blocked sites anonymously and free of company web security filtering. Obviously, these kinds of sites can completely undermine an effective web security and control solution, exposing users and the organization to significant security risks, legal liability issues, and productivity losses.

To prevent users from bypassing filtering controls, the following two components are critical in forming a defence against anonymizing proxy use:
- A reputation-based service that actively seeks out new anonymizing proxies from a variety of underground sources as they are published and updates the filtering database at frequent, regular intervals.
- A real-time proxy detection engine that automatically inspects traffic for signs that it's being routed through a proxy, effectively closing the door on private home-based proxies or other proxies not identified through the reputation service.

Real-time malware filtering

Real-time predictive malware filtering goes a long way toward closing the gap left by reputation-based filters. With this kind of filter, all web traffic passes through a scanner designed to identify both known and newly emerging zero-day malware. The malware engine is optimized for low-latency scanning. Whenever a user accesses a website, regardless of its reputation or category, the traffic is scanned using a combination of signatures and behavior-based technologies.

It is worth noting that this type of real-time scanning has a further advantage over traditional URL filters: the filtering is, almost by definition, bi-directional; both the user request to and the information returning from the web server are scanned. In addition to detecting known malware as it moves across legitimate sites, this bi-directional filtering can also provide protection against new threats regardless of where they are hosted.
A real-time malware scanning engine is not only the most critical component of an effective web security solution, it is a key point of differentiation among vendors. As a result, buyers should pay particular attention to the capabilities of their web security solution short list, and focus on some key considerations related to malware scanning capabilities:
- Real-time: looks at content as it's accessed or downloaded
- Behavioral: goes beyond signatures to analyze code for malicious intent before it executes
- Script emulation: will decode and emulate obfuscated JavaScript before passing it to the browser
- Bi-directional: inspecting both outbound requests and incoming content
- Multi-vector: provides integrated malware detection across several vectors including the gateway, the browser, and the desktop
- Low latency: can scale and handle peak loads efficiently to ensure a seamless user experience
- Update frequency: signature and threat identity information should be provided at intervals measured in minutes, not hours or days

HTTPS filtering

With up to 40% of web applications and protected web sites now relying on port 443 Secure Sockets Layer (SSL), this is an increasingly popular vector for malware distribution and therefore a critical component of an effective web security solution. Since SSL content is encrypted, it can't be intercepted by most traditional web security solutions, which leaves IT completely blind to this traffic. It's no surprise that most proxy sites, phishing attacks, fake AV sites, and other malware attacks increasingly utilize this highly vulnerable point of entry. This major blind spot in security can also be a significant liability for data leakage, unwanted downloads via webmail solutions like Gmail, and bandwidth consumption.

HTTPS traffic inspection that enables a balance of user privacy with organizational security is critical to an effective web security and control solution. What's essential is a flexible solution that provides certificate validation with legitimate sites like financial institutions, while fully proxying and scanning other HTTPS sessions for signs of malware, unwanted content, phishing attacks, malware calling home, and proxy use.
Content-based filtering

Content-based filtering analyzes all web traffic on the network to determine the true file type of content coming back from a website. It can then allow or disallow this traffic, based on corporate policy.

Content filters scan the actual content of a file, rather than simply looking at the file extension or the MIME type reported by the web server, and so can identify and block files that are masquerading as innocent or allowed file types but really contain unauthorized content. A file might, for example, have a .TXT extension but in fact be an executable file.

By enabling enforcement of only business-type content, this pillar of protection enables organizations to create policies around a variety of content types that are often used to send malware, thereby dramatically reducing the risks of infection. For example, incoming Windows executables or screensavers might be disallowed. Content-based filtering can also be used to improve bandwidth optimization by blocking large or resource-hungry content, such as streaming video.
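
The true-file-type check described above, as an added example that is not part of the original guide and not any vendor's code: it identifies a download from its leading bytes and compares that with what the extension and MIME type claim. The policy tables, the function names and the sample byte strings are assumptions constructed for illustration.

```python
# Added example (not vendor code): decide on a download from its leading
# bytes, not from the file extension or the server-reported MIME type.
import os
import struct
from dataclasses import dataclass

# Well-known magic numbers; a production filter identifies far more types.
MAGIC = [
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),
]

# What each extension / MIME type claims to be (assumed lookup tables).
EXT_CLAIMS = {".txt": "text", ".pdf": "pdf", ".png": "png", ".jpg": "jpeg",
              ".gif": "gif", ".zip": "zip", ".exe": "windows-executable",
              ".scr": "windows-executable"}
MIME_CLAIMS = {"text/plain": "text", "application/pdf": "pdf",
               "image/png": "png", "image/jpeg": "jpeg",
               "image/gif": "gif", "application/zip": "zip"}

# Assumed corporate policy: no incoming executables (screensavers are PE files).
BLOCKED_TYPES = {"windows-executable", "elf-executable"}


def is_pe(data: bytes) -> bool:
    # "MZ" alone is weak evidence: plain text can start with those letters.
    # Require the 4-byte field at offset 0x3C to point at a PE signature.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def sniff(data: bytes) -> str:
    """Return a type label derived only from the content."""
    if is_pe(data):
        return "windows-executable"
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "text"
    return "unknown"


@dataclass
class Verdict:
    action: str          # "allow" or "block"
    true_type: str       # what the bytes actually are
    masquerading: bool   # extension or MIME type disagrees with the bytes


def inspect_download(filename: str, declared_mime: str, body: bytes) -> Verdict:
    true_type = sniff(body)
    ext = os.path.splitext(filename)[1].lower()
    claims = {EXT_CLAIMS.get(ext), MIME_CLAIMS.get(declared_mime)} - {None}
    masquerading = any(claim != true_type for claim in claims)
    blocked = masquerading or true_type in BLOCKED_TYPES
    return Verdict("block" if blocked else "allow", true_type, masquerading)


# Constructed samples: a minimal PE header stub, a PNG header, and plain text
# that happens to begin with the letters "MZ".
SAMPLE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
             + b"PE\x00\x00" + b"\x00" * 20)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
SAMPLE_TEXT = b"MZ are just my initials.\n"

if __name__ == "__main__":
    for name, mime, body in [("notes.TXT", "text/plain", SAMPLE_PE),
                             ("readme.txt", "text/plain", SAMPLE_TEXT),
                             ("logo.png", "image/png", SAMPLE_PNG)]:
        print(name, inspect_download(name, mime, body))
```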
Data loss prevention

Data loss prevention is an increasingly important element of an effective web security solution in the Web 2.0 world. With strict privacy and data confidentiality regulations and requirements becoming common in most jurisdictions, it's becoming critical to enforce a comprehensive data protection strategy that governs mobile computers, removable media, devices such as USB sticks, traditional email, and of course Web 2.0 applications.

For a DLP engine to be effective, it must be able to scan and recognize sensitive data types such as credit card numbers, personally identifiable information, bank account information, social insurance numbers, and more. Predefined content control lists (CCLs) that cover hundreds of different sensitive data types across multiple localized geographies are critical to making DLP manageable and effective.

Furthermore, the most effective DLP will be that which can cover all potential exit points including removable media, devices, email, web and social media applications and stop sensitive data from being exposed at the source, right on the user's desktop. It should also integrate tightly with encryption solutions to facilitate the movement of sensitive data that does need to leave the organization.
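
How a content control list can recognize sensitive data in outbound web traffic, as an added example that is not part of the original guide and not any vendor's implementation: two rules (payment card number, Canadian social insurance number) are matched by pattern and then confirmed with the Luhn checksum, so that arbitrary digit runs are not reported. The rule structure, rule names, `min_hits` threshold and the sample form bodies are assumptions constructed for illustration.

```python
# Added example (not vendor code): a two-entry content control list (CCL)
# applied to the body of an outbound web form submission.
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used by payment card numbers and Canadian SINs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    min_hits: int        # hypothetical quantity threshold before blocking


# Patterns tolerate space or hyphen separators and refuse to start or end
# in the middle of a longer digit run.
CCL = [
    Rule("credit-card-number",
         re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)"), 1),
    Rule("canadian-sin",
         re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)"), 1),
]


def mask(digits: str) -> str:
    # Keep only the last four digits so the DLP log is not itself a leak.
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> dict:
    """Return {rule name: [masked matches]} for checksum-valid matches only."""
    hits = {}
    for rule in CCL:
        for match in rule.pattern.finditer(text):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                hits.setdefault(rule.name, []).append(mask(digits))
    return hits


def check_outbound_form(raw_body: str):
    # Form bodies arrive URL-encoded ("+" for space, %2F for "/"); decode
    # first, otherwise separators inside the number hide it from the pattern.
    hits = scan(unquote_plus(raw_body))
    violated = [r.name for r in CCL if len(hits.get(r.name, [])) >= r.min_hits]
    return ("block" if violated else "allow"), hits


# Constructed sample bodies. 4111 1111 1111 1111 is a checksum-valid test
# number; the order reference ending in 1112 fails the checksum.
SAMPLE_CARD = ("to=partner%40example.com&body=Card+4111-1111-1111-1111"
               "+exp+01%2F30%2C+order+ref+4111+1111+1111+1112")
SAMPLE_SIN = "note=SIN%3A+046+454+286"
SAMPLE_CLEAN = "q=quarterly+report+2010&page=2"

if __name__ == "__main__":
    for body in (SAMPLE_CARD, SAMPLE_SIN, SAMPLE_CLEAN):
        print(check_outbound_form(body))
```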
Key Buying Criteria

The following table fully articulates the key buying criteria you should consider when evaluating a potential web security and control solution. Use this as a guide for your online research, vendor discussions, or RFP. Be sure you are getting the most value for your investment in web security and control by ensuring your vendor is providing you with a complete solution that is simple to deploy and administer, from a trusted source that provides the service and support you require.
Security and Control Components:

Web application control:
Control and limit the number of web applications in the environment to reduce the threat surface area from exploits

What to look for: Look for an application control solution that runs on the endpoint and can block unwanted applications at the source on the desktop. Solutions that simply inspect ports or packets at the gateway are ineffective at controlling the risk of being exploited; stop these apps from running in the first place. Also look for a solution which can identify applications based on identity signatures rather than relying on common path and file names, to prevent masquerading apps from side-stepping controls. Also ensure the solution enables easy control over categories of applications with granular control as needed and provides regular updates to the app control lists to make administration easy.

Specific questions to ask:
- Does your app control block applications from running on the desktop?
- Does your app control rely on signatures or file and path names?
- How many application identities does your solution include?
- How often is the database of apps updated?
- Do you support flexible, easy to use policies with app categories?

URL filtering database:
Categorization of websites with block/allow policy options

What to look for: While URL classification databases are largely a commodity, select one that has categories that make sense for your organization. More categories are not always better as it may create added complexity for your policy management. Ensure multiple languages are provided and the URL database is significant in scope and updated regularly. Also ensure that policy controls are simple, wizard driven, and enable policies set by user, group, time, site, or category with flexibility to easily create custom policies.

Specific questions to ask:
- How many languages does your database cover?
- How often is the database updated?
- Who updates the database and what resources do they have/use?
- Are your policy settings wizard driven?
- Do you support custom policies with site tags and special hours?
Reputation database:
Augments URL filtering with reputation and risk classification to ensure risky sites in any category are scanned or blocked

What to look for: A reputation database that is maintained by a top-tier security company that invests heavily in web malware research and provides frequent updates. Also, look for a solution that protects both networked corporate users as well as mobile or remote users who may not be operating on the corporate network.

Specific questions to ask:
- Does your reputation database protect mobile and remote users outside the office?
- Do you track site reputation across categories?
- How does your solution deal with risky sites within allowed categories?
- How often is the database updated?
- Who updates the database and what resources do they have/use?

Anonymizing proxy detection:
Blocks users from using proxies to bypass web filtering

What to look for: A combination of real-time proxy detection to identify new or obscure proxies, coupled with a comprehensive proxy discovery service to ensure policy compliance. Inquire about what sources your web security vendor uses to catalog anonymizing proxies, how many they catalog every day, and how often they provide updates. Avoid any solution which cannot detect anonymizing proxy use in real-time as users initiate a connection through one, as there are plenty of obscure or home-based proxies that any reputation service will never find.

Specific questions to ask:
- How often do you update your catalog of anonymizing proxies?
- How many new anonymizing proxies do you detect daily?
- How does your solution handle obscure or private/home-based proxies?
- Who updates the proxy catalog and what resources do they have/use?
Real-time malware scanning:
Scans all inbound and outbound web traffic in real-time

What to look for: Not all web malware scanning is created equal. Avoid signature-based scanning engines and select an engine that utilizes behavioral pre-execution analysis to determine code intent which will provide zero-day protection from new malware. Furthermore, inquire about obfuscated JavaScript. If the anti-malware engine cannot deobfuscate and emulate JavaScript in real-time to analyze its behavior before passing it to the browser, look for a solution that does for the best protection from server side polymorphing malware. Since malware scanning is particularly important, here's an additional checklist of important criteria:
- Real-time: looks at content as it's accessed or downloaded
- Behavioral: goes beyond signatures to analyze code for malicious intent before it executes
- Script emulation: will decode and emulate obfuscated JavaScript before passing it to the browser
- Multi-vector: provides integrated malware detection across several vectors including the gateway, the browser, and the desktop
- Bi-directional: inspecting both outbound requests (for signs of malware on your network calling home) and incoming content
- Low latency: can scale and handle peak loads efficiently to ensure a seamless user experience
- Update frequency: signature and threat identity information should be provided at intervals measured in minutes, not hours or days.

Specific questions to ask:
- Does your reputation database protect mobile and remote users outside the office?
- Do you track site reputation across categories?
- How does your solution deal with risky sites within allowed categories?
- How often is the database updated?
- Who updates the database and what resources do they have/use?
Call-home detection:
The ability to physically intercept and analyze outbound traffic through the gateway to identify infected systems or sensitive data leaving the organization

What to look for: A system that intercepts and scans outbound requests as well as incoming web traffic. If your desired solution cannot scan outbound web requests, there's no way to prevent infected machines on your network from sending sensitive data or even identifying what machines on your network might be infected.

Specific questions to ask:
- Does your system scan and analyze outbound requests and web traffic?
- How does it identify machines that are potentially infected and calling home?

HTTPS scanning and certificate validation:
The ability to proxy and scan all web traffic including HTTPS encrypted channels often used by webmail, anonymizing proxies, etc., which are increasingly being targeted by malware

What to look for: A solution that can not only proxy and scan HTTPS encrypted connections, but one that can balance the need for end-user privacy with bank and financial institution exceptions. Also look for certificate validation to avoid phishing attacks that spoof certificates to fool users into believing they are secure.

Specific questions to ask:
- Does your solution enable the proxy and scanning of HTTPS encrypted traffic?
- Does it have the capability to exclude financial institutions?
- Does it perform certificate validation?

True file type control:
Examines all file downloads to determine their true type to dramatically reduce the threat surface area from undesired file types

What to look for: A solution that simply looks at file extensions or MIME types is inadequate. Only consider a solution that does true file type detection by inspecting the file header information. This is the only way to prevent content masquerading to reduce your threat surface area and keep undesirable or illegal content off your network.

Specific questions to ask:
- How many file types does your solution identify and control?
- What technique does it use to identify files (extensions or header analysis)?
Data loss prevention:
Examines content for sensitive data to prevent it leaving the organization through unauthorized means

What to look for: A DLP solution should cover all vectors of potential data loss including removable media, devices such as USB sticks, traditional email, and Web 2.0 applications. Ideally the solution should block sensitive data leaks at the source on the user's desktop. It must include a predefined list of sensitive data type definitions and must be updated on a regular basis as new sensitive data types are defined.

Specific questions to ask:
- What is the scope of coverage of your DLP solution?
- Where does it run and block sensitive data?
- How many sensitive data type definitions are included?
- Can the sensitive data types be easily extended or customized?
- How often are the sensitive data types updated?
- Does the DLP solution integrate with encryption options for data that does need to leave?

Deployment, Management & Vendor Capabilities

Scalable:
A solution that scales with your growing business, from small companies to large, geographically distributed enterprises

What to look for: A range of different hardware appliance models at price points attractive to organizations of all sizes that enables you to easily upgrade as your business grows. In particular, look for a solution that offers simple centralized management of multiple appliances in either a single site for performance and redundancy or across multiple sites for geographically distributed organizations.

Specific questions to ask:
- What range of models do you offer?
- Do you offer an affordable solution for small businesses or small branch-office locations?
- Do you offer centralized management for consistent and easy policy settings across a large number of appliances?
Flexible deployment modes:
Different deployment options that enable the solution to fit with your IT and business objectives providing the ideal balance between security and ease-of-deployment and management

What to look for: The ideal solution will support a range of options including explicit proxy mode, transparent mode operation, and support for Cisco's WCCP protocol. Avoid solutions that rely strictly on port-spanning operation.

Specific questions to ask:
- Does your solution support explicit proxy mode?
- Does your solution support Cisco's WCCP protocol?
- Does your solution support transparent mode with directory service integration?
- How long does it take to deploy and configure your solution?

Directory services integration:
The ability to integrate with your Microsoft Active Directory or Novell eDirectory services to identify and authenticate users automatically

What to look for: Support for both Microsoft and Novell directory services with easy setup and integration for user-based policy settings and reporting.

Specific questions to ask:
- Does your solution support Microsoft Active Directory integration?
- Does your solution support Novell eDirectory integration?

Easy to manage:
A solution that is immediately intuitive and doesn't consume a lot of your time and effort to set up and administer on a daily basis

What to look for: If you can't get the system deployed in just a few minutes without a lot of documentation or several calls to your vendor's support line, then you have the wrong product. Select a solution with task-based, wizard-driven setup, policy administration, and reporting. Avoid any solution that's not immediately clear and intuitive.

Specific questions to ask:
- What's required to set up and configure the system?
- How intuitive is the management console?
- Does the setup and configuration use wizards, or lots of screens with fields that are poorly labeled?
- Does the solution provide thorough online help?
- How many steps does it take to set up a typical policy?

Monitoring and alerting:
The health of the appliance or solution is monitored remotely and alerts are provided in the event of any malfunction

What to look for: A solution that is remotely monitored for you by your vendor that will alert you immediately if anything is wrong.

Specific questions to ask:
- Do you monitor the health of your solution for each customer?
- If so, do you provide alerts and remote remediation?
Dashboard and reporting:
The ability to monitor your user, web traffic, and threat activity at a glance from a real-time dashboard, and drill down into rich and sophisticated reporting for forensics and compliance insight

What to look for: A solution that has an aggregate dashboard that can span multiple separate appliances and present real-time status on user activity, throughput, latency, threats, and other important Internet traffic metrics. It's more important that the reporting system provide the information you need in a simple convenient manner than try to wow you with the sheer number of different reporting options. Reporting should be simple and provide drill-down capabilities, with a variety of important user, traffic, and activity reports to satisfy all stakeholders in your organization. Look for solutions that can provide both ad-hoc up to the minute reports while also supporting a variety of parameters and export options including PDF output. In addition, regular scheduled reporting is essential to save you time and effort satisfying the needs of various stakeholders in the organization. Beware: once you have rich Internet activity reporting at your fingertips, everyone will want it.

Specific questions to ask:
- Does your solution offer centralized reporting across multiple appliances and locations?
- Does your solution offer an aggregate real-time dashboard across multiple appliances and locations?
- Does your solution offer up-to-the-minute ad-hoc reporting?
- Does your solution offer PDF output for easy sharing of reports?
- Does your solution offer regularly scheduled reports that are automatically emailed to stakeholders and easy to set up with a simple wizard?
- Does your solution offer reports for network traffic, user activity, policy warnings and violations, top offenders and more?
- What is the length of data retention for reporting?

Frequent updates:
Frequent updates to malware identities, risky or malware-infested sites, and anonymizing proxies

What to look for: Ideally your solution should update as frequently as every few minutes as needed. Avoid solutions whose update frequency is measured in hours. By the time you get an update, it's likely too late.

Specific questions to ask:
- How often do you provide threat updates?
- Who maintains the updates and what resources do they have/use?
Easy upgrades:
Updates to product software are easy to deploy

What to look for: Ideally your product should update automatically without any intervention and at no extra cost for minor or major version releases.

Specific questions to ask:
- What's required to install a software update to the system?
- How much do updates and upgrades cost?

Service and Support:
The support experience

What to look for: A company that treats you like a partner in protecting your organization, and that offers 24/7/365 support at no additional cost with immediate access to local front-line engineers who can actually help in your language. Also look for a solution that offers an advance replacement warranty on all hardware. Avoid vendors whose support is all overseas or who deal with both enterprise and consumer customers.

Specific questions to ask:
- What support is included at no extra charge?
- When I call support, who am I talking to and where are they?
- Does your company support both corporate and consumer solutions?
- What premium support options do I have?

Security labs:
The team responsible for threat analysis and security updates

What to look for: Look for a solution backed by a top-tier global round-the-clock security labs operation that deals with blended email, web, and endpoint threats.

Specific questions to ask:
- How many people work in your labs operations?
- Where are they located?
- Do team members specialize in certain threats or is the labs' research fully blended across spam, web infections, and viruses?
- What level of automation and other resources do they utilize to keep ahead of the threats?
Buying Guide Checklist

Criteria | Other | Sophos

Security and Control

Web Application Control
- Desktop control over applications
- Uses Application Identities
- Granular policy control
- Frequent identity updates

URL Filtering
- Multiple language support
- Frequent updates (minutes)
- Wizard Driven Policy

Reputation Filtering
- Provided by top-tier vendor
- Mobile/remote user protection
- Frequent updates

Proxy Filtering
- Real-time proxy detection
- Proxy discovery service
- Hundreds of new proxies added daily

Real-time Malware Scanning
- Real-time
- Behavioral
- Script emulation
- Multi-vector
- Bi-directional
- Low latency
- Frequent updates

Call-home detection
- Scan outbound requests

HTTPS Scanning
- Proxy encrypted traffic
- Financial site exclusions
- Certificate validation

Content Filtering
- Uses true-file-type identities
- Granular policy control

Data Loss Prevention
- Works at the desktop
- Covers media, devices, web, email
- Includes pre-packaged data definitions
- Localized across multiple geographies
- Easily customized data definitions
- Frequent updates
- Integrates with encryption

Deployment, management and vendor capabilities

Scalable
- Multiple appliance models
- Small, affordable branch office appliances
- Centralized management/reporting

Deployment modes
- Explicit proxy mode
- WCCP mode
- Transparent mode

Directory services integration
- Microsoft Active Directory
- Novell eDirectory

Management Console
- Up and running in less than 10 minutes
- Intuitive user interface
- Wizards for common tasks
- Online help
- Quick easy policy setup

Monitoring and Alerting
- Remotely monitored by vendor
- Alerting for trouble conditions
- Remote remediation

Dashboard and Reporting
- Scan outbound requests
- Aggregate dashboard
- Real-time dashboard
- Drill-down dashboard and reporting
- Well organized reports by stakeholder
- Up to the minute ad-hoc reporting
- Automated scheduled reporting
- PDF output option
- Multi-year data retention

Updates and upgrades
- Frequent threat updates 5 minutes
- Updates and upgrades are automatic
- Free upgrades

Service and support
- Included 24x7x365 support
- Direct access to engineers
- Local language support
- Replacement warranty on hardware

Security labs
- Global labs operation
- Hundreds of analysts
- Innovative automation
- Blended virus, spam, and web threats

Boston, USA | Oxford, UK
Copyright 2010. Sophos Plc. All rights reserved.
All trademarks are the property of their respective owners.