I was having an issue with Sophos not catching Fake-AV too until I turned on 
HIPS.  I'm catching most of it now with HIPS.  Environment is approx 1000 
nodes.  I will agree that the online database is slim but I'm much happier than 
when we used Symantec EP.  As a bonus Sophos includes a lot of functionality at 
no extra cost with Data Control (DLP) and Device Control.





Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA, GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTIA SERVER+, HP APS



-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Josh Little
Sent: Tuesday, May 11, 2010 12:15 PM
To: [email protected]
Subject: Re: [Pauldotcom] Corporate AV suggestions

I'm on the fence regarding our Sophos EP distribution. I have a feeling
that it is a little less resource intensive on the clients than the
Symantec 10 system we replaced, but not by a whole lot. Logging and
reporting aren't that strong, especially if you are looking at offloading
events to a SIM or centralized log collector. Their online database of
threats is very slim on information, especially when compared with
Symantec's offering at http://www.sarc.com . It also doesn't deal very
well with fast morphing threats like the rash of fake security products
that have blown up in the last year. Almost all of the incidents I
respond to are fake AV crap. The management console is still fairly
nice, beyond being weak with reporting. One strong point is deployment -
it was very easy to deploy out using SMS.

Hope that helps...

ZT

On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
> I've been very pleased with Sophos Endpoint protection both from a pricing 
> perspective and support perspective.
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of xgermx
> Sent: Tuesday, May 11, 2010 8:33 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] Corporate AV suggestions
>
> So, it's license renewal time for our A/V and I'm open for
> suggestions/recommendations/horror stories. (I'll be covering roughly
> 500 Windows based machines).
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
> Disclaimer: The email and files transmitted with it are confidential and are 
> intended solely for the use of the individual or entity to whom they are 
> addressed.  If you are not the original recipient or the person responsible 
> for delivering the email to the intended recipient, be advised that you 
> have received this email in error, and that any use, dissemination, 
> forwarding, printing or copying of this email is strictly prohibited.  If you 
> received this email in error, please delete it from your system without 
> copying it, and notify the sender by reply email so that our address record 
> can be corrected.  Thank you. Symbion, Inc.